Homomorphic Secret Sharing: Optimizations and Applications

We continue the study of Homomorphic Secret Sharing (HSS), recently introduced by Boyle et al. (Crypto 2016, Eurocrypt 2017). A (2-party) HSS scheme splits an input x into shares (x0,x1) such that (1) each share computationally hides x, and (2) there exists an efficient homomorphic evaluation algorithm $\Eval$ such that for any function (or "program") from a given class it holds that Eval(x0,P)+Eval(x1,P)=P(x). Boyle et al. show how to construct an HSS scheme for branching programs, with an inverse polynomial error, using discrete-log type assumptions such as DDH. We make two types of contributions. Optimizations. We introduce new optimizations that speed up the previous optimized implementation of Boyle et al. by more than a factor of 30, significantly reduce the share size, and reduce the rate of leakage induced by selective failure. Applications. Our optimizations are motivated by the observation that there are natural application scenarios in which HSS is useful even when applied to simple computations on short inputs. We demonstrate the practical feasibility of our HSS implementation in the context of such applications.

[1]  Michael Alekhnovich,et al.  Exponential Lower Bounds for the Running Time of DPLL Algorithms on Satisfiable Formulas , 2004, SODA '04.

[2]  Yuval Ishai,et al.  Breaking the Circuit Size Barrier for Secure Computation Under DDH , 2016, CRYPTO.

[3]  Benny Applebaum,et al.  Pseudorandom generators with long stretch and low locality from random local one-way functions , 2012, STOC '12.

[4]  Sanjam Garg,et al.  Garbled Protocols and Two-Round MPC from Bilinear Maps , 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[5]  Chris Peikert,et al.  Multi-key FHE from LWE, Revisited , 2016, TCC.

[6]  Luca Trevisan,et al.  On the One-Way Function Candidate Proposed by Goldreich , 2014, ACM Trans. Comput. Theory.

[7]  Anat Paskin-Cherniavsky,et al.  On the Power of Correlated Randomness in Secure Computation , 2013, TCC.

[8]  Ronald L. Rivest,et al.  ON DATA BANKS AND PRIVACY HOMOMORPHISMS , 1978 .

[9]  Josh Benaloh,et al.  Secret Sharing Homomorphisms: Keeping Shares of A Secret Sharing , 1986, CRYPTO.

[10]  Yuval Ishai,et al.  Secure Arithmetic Computation with Constant Computational Overhead , 2017, CRYPTO.

[11]  Marcel Keller,et al.  MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer , 2016, IACR Cryptol. ePrint Arch..

[12]  David Witmer,et al.  Goldreich's PRG: Evidence for Near-Optimal Polynomial Stretch , 2014, 2014 IEEE 29th Conference on Computational Complexity (CCC).

[13]  Shai Halevi,et al.  Bootstrapping for HElib , 2015, EUROCRYPT.

[14]  Shachar Lovett,et al.  Algebraic Attacks against Random Local Functions and Their Countermeasures , 2015, SIAM J. Comput..

[15]  Yuval Ishai,et al.  Foundations of Homomorphic Secret Sharing , 2018, ITCS.

[16]  Yuval Ishai,et al.  Secure Arithmetic Computation with No Honest Majority , 2008, IACR Cryptol. ePrint Arch..

[17]  Josh Benaloh,et al.  Secret Sharing Homomorphisms: Keeping Shares of A Secret Sharing , 1986, CRYPTO.

[18]  Ivan Damgård,et al.  The TinyTable Protocol for 2-Party Secure Computation, or: Gate-Scrambling Revisited , 2017, CRYPTO.

[19]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[20]  Craig Gentry,et al.  Two-Round Secure MPC from Indistinguishability Obfuscation , 2014, TCC.

[21]  Brent Waters,et al.  Constrained Pseudorandom Functions and Their Applications , 2013, ASIACRYPT.

[22]  Yuval Ishai,et al.  Function Secret Sharing , 2015, EUROCRYPT.

[23]  Nicolas Gama,et al.  Faster Fully Homomorphic Encryption: Bootstrapping in Less Than 0.1 Seconds , 2016, ASIACRYPT.

[24]  Rafail Ostrovsky,et al.  Cryptography with constant computational overhead , 2008, STOC.

[25]  Yuval Ishai,et al.  Group-Based Secure Computation: Optimizing Rounds, Communication, and Computation , 2017, EUROCRYPT.

[26]  Ron Rothblum,et al.  Spooky Encryption and Its Applications , 2016, CRYPTO.

[27]  Shafi Goldwasser,et al.  Functional Signatures and Pseudorandom Functions , 2014, Public Key Cryptography.

[28]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[29]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[30]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[31]  Tobias Nilges,et al.  Maliciously Secure Oblivious Linear Function Evaluation with Constant Overhead , 2017, ASIACRYPT.

[32]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[33]  Vinod Vaikuntanathan,et al.  On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption , 2012, STOC '12.

[34]  Hoeteck Wee,et al.  FHE Circuit Privacy Almost for Free , 2016, CRYPTO.

[35]  Kazumaro Aoki,et al.  SEC X.2: Recommended Elliptic Curve Domain Parameters , 2008 .

[36]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[37]  Peter Tolstrup Nielsen,et al.  On the expected duration of a search for a fixed pattern in random data , 1973 .

[38]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[39]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[40]  Fabrice Benhamouda,et al.  k-Round Multiparty Computation from k-Round Oblivious Transfer via Garbled Interactive Circuits , 2018, EUROCRYPT.

[41]  Ran Canetti,et al.  Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information , 1997, CRYPTO.

[42]  Ivan Damgård,et al.  Semi-Homomorphic Encryption and Multiparty Computation , 2011, IACR Cryptol. ePrint Arch..

[43]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[44]  Richard Cleve,et al.  Towards optimal simulations of formulas by bounded-width programs , 1990, STOC '90.

[45]  Yuval Ishai,et al.  Distributed Point Functions and Their Applications , 2014, EUROCRYPT.

[46]  Vinod Vaikuntanathan,et al.  Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE , 2012, EUROCRYPT.

[47]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[48]  Daniel Wichs,et al.  Two Round Multiparty Computation via Multi-key FHE , 2016, EUROCRYPT.

[49]  Josh Benaloh,et al.  Cryptographic Capsules: A Disjunctive Primative for Interactive Protocols , 1986, CRYPTO.

[50]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[51]  Steven Myers,et al.  Threshold Fully Homomorphic Encryption and Secure Computation , 2011, IACR Cryptol. ePrint Arch..

[52]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[53]  Ivan Damgård,et al.  Gate-scrambling Revisited - or: The TinyTable protocol for 2-Party Secure Computation , 2016, IACR Cryptol. ePrint Arch..

[54]  Rafail Ostrovsky,et al.  Private Searching on Streaming Data , 2005, Journal of Cryptology.

[55]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[56]  Léo Ducas,et al.  FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second , 2015, EUROCRYPT.

[57]  Oded Goldreich,et al.  Candidate One-Way Functions Based on Expander Graphs , 2011, Studies in Complexity and Cryptography.

[58]  Guy N. Rothblum,et al.  Obfuscating Conjunctions , 2015, Journal of Cryptology.

[59]  David Mandell Freeman,et al.  Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups , 2010, EUROCRYPT.

[60]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[61]  Yuval Ishai,et al.  Function Secret Sharing: Improvements and Extensions , 2016, CCS.

[62]  Luca Trevisan,et al.  On e-Biased Generators in NC0 , 2003, FOCS.

[63]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[64]  Elaine Shi,et al.  Constant-Round MPC with Fairness and Guarantee of Output Delivery , 2015, CRYPTO.

[65]  Dan Boneh,et al.  Riposte: An Anonymous Messaging System Handling Millions of Users , 2015, 2015 IEEE Symposium on Security and Privacy.

[66]  Claude Carlet,et al.  Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts , 2016, EUROCRYPT.

[67]  Moni Naor,et al.  Oblivious Polynomial Evaluation , 2006, SIAM J. Comput..

[68]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[69]  Vladimir Kolesnikov,et al.  Improved OT Extension for Transferring Short Secrets , 2013, CRYPTO.

[70]  Luca Trevisan,et al.  Goldreich's One-Way Function Candidate and Myopic Backtracking Algorithms , 2009, TCC.

[71]  Kaoru Kurosawa,et al.  Multi-recipient Public-Key Encryption with Shortened Ciphertext , 2002, Public Key Cryptography.

[72]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[73]  Donald Beaver,et al.  Foundations of Secure Interactive Computing , 1991, CRYPTO.

[74]  Niv Gilboa,et al.  Two Party RSA Key Generation , 1999, CRYPTO.

[75]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[76]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[77]  Sanjam Garg,et al.  Two-round Multiparty Secure Computation from Minimal Assumptions , 2018, IACR Cryptol. ePrint Arch..